lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHjjW16qJgU+cf2-fowyJMRioc61Ko8KF65Qp5Npw9DsoF95VA@mail.gmail.com>
Date:	Fri, 12 Sep 2014 22:39:12 -0500
From:	Joe M <joe9mail@...il.com>
To:	netdev@...r.kernel.org, christophe.gouault@...nd.com
Subject: loading ip_vti breaks IPSec connection

Hello,

I am not sure what I am missing. When I load ip_vti and ip_tunnel
modules, my IPSec connection stops working.

uname -a
Linux master 3.16.2 #86 SMP PREEMPT Fri Sep 12 22:09:11 CDT 2014
x86_64 Intel(R) Pentium(R) CPU G620 @ 2.60GHz GenuineIntel GNU/Linux

- (0:c:/tmp)  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
sudo modprobe ip_vti ip_tunnel
- (0:c:/tmp)  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
ping -c 1 -I 192.168.0.11 192.168.1.232
PING 192.168.1.232 (192.168.1.232) from 192.168.0.11 : 56(84) bytes of data.

--- 192.168.1.232 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

- (0:c:/tmp)  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
sudo modprobe --force --remove ip_vti ip_tunnel
- (0:c:/tmp)  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
ping -c 1 -I 192.168.0.11 192.168.1.232
PING 192.168.1.232 (192.168.1.232) from 192.168.0.11 : 56(84) bytes of data.
64 bytes from 192.168.1.232: icmp_seq=1 ttl=64 time=273 ms

--- 192.168.1.232 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 273.347/273.347/273.347/0.000 ms
- (0:i:/tmp)  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -

Please note that the module was just loaded without any tunnel
configuration. I am not sure

I am using StrongSwan for IPSec configuration and noticed the same
behaviour with libreswan too.

Please let me know if I can provide more details.

Thanks
Joe
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ